America’s credit unions don’t have it easy today. Though all financial institutions– large and small—frequently find themselves targets of cyber-attacks, credit unions face considerable challenges in protecting the sensitive financial data they manage, but at a level of spend that won’t impact their ability to return value to loyal credit union members.
The non-profit model according to which credit unions operate often doesn’t leave much room for expansive IT spending. Most CU IT departments are run by lean teams of individuals with broad experience across the different infrastructures applications and security measures. Adding pressure and complexity to the workload of credit union IT professionals who are already spread thin is the rise in ransomware attacks. Ransomware has rapidly become a dominant force across a broad and sophisticated threat landscape, driven aggressively by profit-seeking cybercriminals. These gangs know that many small financial institutions don’t have as robust a security posture as their larger for-profit counterparts, making many of them easier targets for attacks.
Furthermore, the potential damage to a credit union isn’t limited to direct ransomware attacks; CUs also suffer an impact when cyberattacks compromise the payment card information of their members at other retail and e-commerce establishments. One recent occurrence that triggered a massive spike in reported debit card fraud was the breach suffered by fast food chain Wendy’s in the fall of 2015. Some CU members who patronized Wendy’s on a regular basis were compromised more than once, which suggests that the threat was active for a while before it was properly mitigated. The resulting impact to the credit unions was a premature depletion of a huge percentage of their annual fraud reserves.
How Credit Unions Can Reduce Risk
While it may be impossible to drive the security practices of outside organizations, the best bet for credit unions to reduce their own risk of being compromised by cyberattacks is twofold:
1. Educate credit union management, branch personnel, and all members on cybersecurity best practices. This includes helping them to avoid falling prey to social engineering tactics and phishing e-mails—the primary vehicle for ransomware.
2. Deploy a next-generation endpoint protection (NGEP) solution that offers protection against multiple vectors of attack, and that can be deployed and managed simply with little hands-on time. The endpoint—be it a laptop or a server– is the most vulnerable part of an organization’s infrastructure, and is highly targeted due to the fact that it’s where valuable information lies. Most credit unions are still running antivirus, and static prevention technology is no match for the types of advanced attacks that target small financial institutions.
NGEP solutions go beyond just prevention, and offer threat detection coupled with policy-driven mitigation and remediation capabilities. This functionality serves to eliminate dwell time (and thus risk of damage) and allows small IT teams to keep their focus on proactive projects.
For more insight into how to evaluate a next-generation endpoint protection solution for your credit union or financial organization, download a copy of our Next Generation Endpoint Protection Buyer’s Guide.